> I do not know what the proper terminology is to discuss this. Assuming > there is none, I will call the solution Key Pair Agreement.
Call it kosherized public key generation. Kosherization is not a term often used in theoretical cryptography, but it is often used in practice > It would seem that the DSA key structure facilitates this: > > 1. Scott sends SEED1 to Alice. > 2. Alice picks a random number SEED2. > 3. Alice sets SEED=SHA1(SEED1 || SEED2). > 4. Alice generates a set of DSA parameters P, Q, G using the > algorithm in Appendix 2, FIP-186-2. > 5. Alice generates a key pair (x,y) using the parameters from (4). > 6. Alice sends SEED2, counter, P, Q, G, y to Scott. > 7. Scott generates P', Q', G' based on SEED=SHA1(SEED1 || SEED2), > counter, and compares them to P, Q, G. Hold on, what you have kosherized is the public parameters of DSA, but you haven't really kosherized the public key, y (IINM). Given P, Q, G (chosen by say Scott, or kosherized by Alice), Alice could come up with a cooked-up public key y. It would seem difficult to impose some structure on y, since Scott will want to choose a random x, in which case G^y % P will look random. This is different from RSA, where the public key is the pair e, N, e can be set to 3, and you can impose some structure on N (as Wagner pointed out). --Anton --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
